Received: by 10.192.165.148 with SMTP id m20csp1287368imm;
        Wed, 2 May 2018 18:24:32 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrSpKI2pPO7mdl7QUR9GbLKsn/3KlHEGHYeLyzDusTSSmBtKJcIeKpmbRRZ8HdC0ZWidXne
X-Received: by 10.98.10.137 with SMTP id 9mr9464490pfk.112.1525310672862;
        Wed, 02 May 2018 18:24:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525310672; cv=none;
        d=google.com; s=arc-20160816;
        b=YSAzVWnK/StEwe+FiB70/qd8laKYO33RqT2UziRn3QWYJuQv26SeklA48IMNuoFDLn
         p3HjJKBGpGGNGgbTzE63+jy083XQRa25bNZmIkmUY1X7hCsGcMOa1IgxQV9seC5MU/mc
         6BVb4ZKUQFTP6E1TVZaW5Ve77FkrFuFUy8qva3gefbIlRV9iXI1o2y729LVIrx1783th
         +gmaqTtJvCNXTqMItecRNZtqjRJ2/8+1RoUPDgb99g7V1Pba6RDw8i0v8wPK4w/UiJ1m
         IJti0WTQkC6CNjTkkqt/JBZXAsMwcLohs6+JSb58Lb8WXTntVbq7ilyE/+Y7vH8CEzCO
         mr5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:dkim-signature:arc-authentication-results;
        bh=L/pUePgTWPscW1q23THymCa+Tv0e2symvd75lqihAqM=;
        b=daCZLUGrBmel+xuzJevbanWuOotCkDMcqjhEEsQPJbD21RqFVMecmsvWrw99rylQs3
         tCuTWpUP5P0VOnKQ3EMu1+A+ZOzZtSU2VVqlh2RSw1g3a3cH9LvPv1Q+3mxfy8KGkHO1
         YMPlt2KFrrEC7HdClL+zTR4W2nO5s0i9zfFBivHFwXnYYgQA8/+KnWukKpjHifRrL8RX
         DiuUyJDoWRT5b/HMrqzayt/TYP5hlYPJgHnyCkKsjzN3iRZ+pMiaZIP/NVHH/ZxQJG5f
         tYgrhvTVz0CmhAE2rJQEDleqiPJnM6L0OkSK7O/5jwBbtyc8fM7KIy+WuOUGeQSx4UF3
         JKmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=QSJ8YNSU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v2-v6si10294353pge.105.2018.05.02.18.24.18;
        Wed, 02 May 2018 18:24:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=QSJ8YNSU;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751954AbeECBYJ (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Wed, 2 May 2018 21:24:09 -0400
Received: from mail-qk0-f196.google.com ([209.85.220.196]:36769 "EHLO
        mail-qk0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751745AbeECBYH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 2 May 2018 21:24:07 -0400
Received: by mail-qk0-f196.google.com with SMTP id a202so12793134qkg.3;
        Wed, 02 May 2018 18:24:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=L/pUePgTWPscW1q23THymCa+Tv0e2symvd75lqihAqM=;
        b=QSJ8YNSUwCQ1GXE8MGtGameRUcv0V1a/wZJ75c2LZavz+0tCkAR3qpGTZuRQ1zfw1U
         A99W/xum6xunU5/31LsU1F7KdwarCKj4Tt1EaCVcYEIT6heTSbggiDJWgYoNYLmZCYBV
         hXdio4eowORv+uX+/eii1WDwL+3DlfCm8wF6Os8R00/fPGI0DoY/RnnmE8jzPKCuAe76
         AsHHFxQOfoES0WTeD0Rd1HMLerDaCE4STfA7ecZswwrueCBFUTHECTykhpC4V44pdnok
         ORmviBQ5m+RvE9oscWe4nmQIzEg2VyD1AtgPE3fGqd1jLNRd8TLeal/syMHGyNwxrfbr
         UJJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=L/pUePgTWPscW1q23THymCa+Tv0e2symvd75lqihAqM=;
        b=KTrhcaw/HborHu/qlLJi0GlmKH0Dj5ewNp8+5TdcZCUg/50x96sFqJiAP8NXZM0a82
         eiWvMjH42PSa6yIMKF/Oe55C8sH5SvJb5lZHa+dIq1mUplEnE05dM2zeVYNycr7z/FZg
         yi8IQpPO66rTiugwh6OCrOtcyCbhh0WdfXpk03fRMcv3ITG7BJo16Nutei7zZT8Mh7NJ
         APGVdN3k3Y+swZYJqR2nvbLKhpUjmcShQL1EweNLxiZz7Inh6+gNlezNkEuSFZ3L6oC/
         3F+vZl/MOoEN2cInao1S1I2Cy0fzc3zfj+3kiVUMvaF20K89JK8yT5fbk3n0wM/ckVmX
         WSvQ==
X-Gm-Message-State: ALQs6tA1N1SQP7k3grAVxVg77IgEuudE+YiVZqDs615nu9flnnI1Iaoj
        js8ETU9Ov8Eo0IWWbj9cnbI=
X-Received: by 10.233.222.133 with SMTP id s127mr2095079qkf.34.1525310646605;
        Wed, 02 May 2018 18:24:06 -0700 (PDT)
Received: from localhost.localdomain ([177.10.56.95])
        by smtp.gmail.com with ESMTPSA id h37-v6sm7336168qtc.68.2018.05.02.18.24.05
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Wed, 02 May 2018 18:24:05 -0700 (PDT)
Received: by localhost.localdomain (Postfix, from userid 1000)
        id 72037180DFB; Wed,  2 May 2018 22:24:02 -0300 (-03)
Date:   Wed, 2 May 2018 22:24:02 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To:     Wenwen Wang <wang6495@umn.edu>
Cc:     Kangjie Lu <kjlu@umn.edu>, Vlad Yasevich <vyasevich@gmail.com>,
        Neil Horman <nhorman@tuxdriver.com>,
        "David S. Miller" <davem@davemloft.net>,
        "open list:SCTP PROTOCOL" <linux-sctp@vger.kernel.org>,
        "open list:NETWORKING [GENERAL]" <netdev@vger.kernel.org>,
        open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] sctp: fix a potential missing-check bug
Message-ID: <20180503012402.GK5105@localhost.localdomain>
References: <1525310145-28102-1-git-send-email-wang6495@umn.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1525310145-28102-1-git-send-email-wang6495@umn.edu>
User-Agent: Mutt/1.9.2 (2017-12-15)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 02, 2018 at 08:15:45PM -0500, Wenwen Wang wrote:
> In sctp_setsockopt_maxseg(), the integer 'val' is compared against min_len
> and max_len to check whether it is in the appropriate range. If it is not,
> an error code -EINVAL will be returned. This is enforced by a security
> check. But, this check is only executed when 'val' is not 0. In fact, if
> 'val' is 0, it will be assigned with a new value (if the return value of
> the function sctp_id2assoc() is not 0) in the following execution. However,
> this new value of 'val' is not checked before it is used to assigned to
> asoc->user_frag. That means it is possible that the new value of 'val'
> could be out of the expected range. This can cause security issues
> such as buffer overflows, e.g., the new value of 'val' is used as an index
> to access a buffer.
>
> This patch inserts a check for the new value of 'val' to see if it is in
> the expected range. If it is not, an error code -EINVAL will be returned.
>
> Signed-off-by: Wenwen Wang <wang6495@umn.edu>
> ---
>  net/sctp/socket.c | 22 +++++++++++-----------
>  1 file changed, 11 insertions(+), 11 deletions(-)

?
This patch is the same as previous one. git send-email <old file>
maybe?

  Marcelo